Try our new research platform with insights from 80,000+ expert users

OpenText Dynamic Application Security Testing vs Veracode comparison

OpenText and Veracode are both solutions in the Dynamic Application Security Testing (DAST) category. OpenText is ranked #3 with an average rating of 8.0, while Veracode is ranked #1 with an average rating of 8.0. OpenText holds a 11.0% mindshare in DAST, compared to Veracode’s 18.2% mindshare. Additionally, 83% of OpenText users are willing to recommend the solution, compared to 89% of Veracode users who would recommend it.
OpenText Dynamic Applicatio...
Read 22 OpenText Dynamic Application Security Testing reviews
  • 3,095 Views
  • 1,145 Comparison Views
83% willing to recommend
Veracode
Read 208 Veracode reviews
  • 18,975 Views
  • 2,846 Comparison Views
89% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between OpenText Dynamic Application Security Testing and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed OpenText Dynamic Application Security Testing vs. Veracode Report (Updated: December 2025).
Buyer's Guide
OpenText Dynamic Application Security Testing vs. Veracode
December 2025
Download the complete report
Helped 881,757 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

OpenText Dynamic Applicatio...
Ranking in Dynamic Application Security Testing (DAST)
3rd
Average Rating
7.2
Reviews Sentiment
6.1
Number of Reviews
22
Ranking in other categories
DevSecOps (9th)
Veracode
Ranking in Dynamic Application Security Testing (DAST)
1st
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of February 2026, in the Dynamic Application Security Testing (DAST) category, the mindshare of OpenText Dynamic Application Security Testing is 11.0%, up from 9.5% compared to the previous year. The mindshare of Veracode is 18.2%, down from 30.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Dynamic Application Security Testing (DAST) Market Share Distribution
ProductMarket Share (%)
Veracode18.2%
OpenText Dynamic Application Security Testing11.0%
Other70.8%
Dynamic Application Security Testing (DAST)
 

Featured Reviews

AP
ArnabPaul
Cyber Security Consultant at a tech vendor with 10,001+ employees
Enhancements in manual testing align with reporting and integration features
WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applications, where it requires approximately 20-24 hours to crawl and audit but produces minimal findings, necessitating manual verification. The solution offers customization features for crawling and vulnerability detection. It includes various security frameworks and allows selection of specific vulnerability types to audit, such as OWASP Top 10 or JavaScript-based vulnerabilities. When working with APIs, we can select OWASP API Top 10. The tool also supports custom audit features by combining different security frameworks. For on-premises deployment, the setup is complex, particularly regarding SQL server configuration. Unlike Burp Suite or OpenText Dynamic Application Security Testing, which have simpler setup processes, WebInspect requires SQL server setup to function.
Read full review
reviewer2703864 - PeerSpot reviewer
reviewer2703864
Head of Security Architecture at a healthcare company with 5,001-10,000 employees
Onboarding developers successfully while improving code security through IDE integration
Regarding room for improvement, we have some problems when onboarding new projects because the build process has to be done in a certain way, as Veracode analyzes the binaries and not the code by itself alone. If the process is not configured correctly, it doesn't work. That's one of the things that we are discussing with Veracode. Something positive that we've been able to do is submit formal feature requests to them, and they are working on them; they've already solved some of them. This encourages us to propose new ideas and improvements. Another improvement that we asked for this use case is to be able to configure how Veracode Fix proposes and fixes because sometimes it makes proposals using libraries that go against our architecture design made by the enterprise architecture team. For example, we want them to propose using another library, and that's something we already asked Veracode, and they are working on it. We want to specify when you see this kind of vulnerability, you can only propose these two options.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's a well-known platform for doing dynamic application scanning."
"The solution's technical support was very helpful."
"Guided Scan option allows us to easily scan and share reports."
"Good at scanning and finding vulnerabilities."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The feature that has been most influential in identifying vulnerabilities is its ability to crawl the website, understand the structure, and analyze the network packets sent and received."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
More OpenText Dynamic Application Security Testing pros
"It's straightforward, and it does not require a lot of time. It's a straightforward platform that you can use for performing scans or mitigating issues. It has a very good user interface. FAQs are also helpful in case you are not familiar with it."
"One of the best things they offer is the scalability. The fact that you can work with it through the cloud means that if you have unintegrated business units, you don't have to worry about having a solution on-prem and having the network connection; you don't have to worry about giving up source code, you are just sending your binary files for most of the applications. So it scales much faster."
"Veracode static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us lot of time. For example, it raises a flag about a problematic third-party DLL before development invests time heavy using it."
"The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs."
"We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
"It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security."
"We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing."
More Veracode pros
 

Cons

"The initial setup was complex."
"The scanner could be better."
"A localized version, for example, in Korean would be a big improvement to this solution."
"One thing I would like to see them introduce is a cloud-based platform."
"I would like WebInspect's scanning capability to be quicker."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
More OpenText Dynamic Application Security Testing cons
"Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries."
"Straightforward to set up, but the configuration of the rules engine is difficult and complicated."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"Veracode's false positives have room for improvement."
"Maybe the boards could be made easier to understand or easier to customize."
"They need to have a plug-in, a better integration with the development environment."
"Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines."
"Ideally, I would like better reporting that gives me a more concise and accurate description of what my pain points are, and how to get to them."
More Veracode cons
 

Pricing and Cost Advice

"The price is okay."
"Fortify WebInspect is a very expensive product."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"It’s a fair price for the solution."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"This solution is very expensive."
"The pricing is not clear and while it is not high, it is difficult to understand."
"I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this product. The cost of the license is small in comparison to the value it brings"
"We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily."
"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
"The pricing is reasonable compared to other tools."
"I don't have firsthand knowledge of Veracode pricing, but based on client feedback, it seems to be expensive with additional fees for certain features."
"As compared to others, it is a costly solution. It is overpriced, and many organizations with a limited budget cannot afford it. That is why they are going for other tools, but those tools are not that effective. Veracode is better in terms of quality. If you want good service, you have to pay for it."
"I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution."
"Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
See recommendations
881,757 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Government
15%
Financial Services Firm
14%
Manufacturing Company
10%
Computer Software Company
8%
Financial Services Firm
17%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise15
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise44
Large Enterprise115
 

Questions from the Community

What is your experience regarding pricing and costs for Fortify WebInspect?
While I am not directly involved with licensing, I can share that our project's license for 1-9 applications costs between $15,000 to $19,000. In comparison, Burp Suite costs approximately $500 to ...
See all answers
What needs improvement with Fortify WebInspect?
WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applications, where it requires approximately 20-24 hours to crawl and audit but produ...
See all answers
What is your primary use case for Fortify WebInspect?
I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite from PortSwigger. For API testing, I use Postman with Burp Suite or WebInspect fo...
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What do you like most about Veracode Static Analysis?
I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities.
See all answers
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
See all answers
 

Comparisons

PortSwigger Burp Suite Professional vs OpenText Dynamic Application Security Testing Logo
PortSwigger Burp Suite Professional vs OpenText Dynamic Application Security Testing
Compared 23% of the time
Checkmarx One vs OpenText Dynamic Application Security Testing Logo
Checkmarx One vs OpenText Dynamic Application Security Testing
Compared 8% of the time
OWASP Zap vs OpenText Dynamic Application Security Testing Logo
OWASP Zap vs OpenText Dynamic Application Security Testing
Compared 5% of the time
Invicti vs OpenText Dynamic Application Security Testing Logo
Invicti vs OpenText Dynamic Application Security Testing
Compared 5% of the time
HCL AppScan vs OpenText Dynamic Application Security Testing Logo
HCL AppScan vs OpenText Dynamic Application Security Testing
Compared 5% of the time
More OpenText Dynamic Application Security Testing Competitors
SonarQube vs Veracode Logo
SonarQube vs Veracode
Compared 11% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 8% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 5% of the time
OWASP Zap vs Veracode Logo
OWASP Zap vs Veracode
Compared 3% of the time
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
Compared 3% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
OpenText Dynamic Application Security Testing
January 2026
OpenText Dynamic Application Security Testing reportDownload OpenText Dynamic Application Security Testing product report
Buyer's Guide
Veracode
January 2026
Veracode reportDownload Veracode product report
 

Also Known As

Micro Focus WebInspect, WebInspect
Crashtest Security , Veracode Detect
 

Overview

OpenText Dynamic Application Security Testing offers robust scalability, ease of use, and high accuracy in scanning, making it a valuable tool for enterprises.

This security testing platform is known for its centralized dashboard, guided scans, and comprehensive reporting. It integrates seamlessly with tools like Fortify code scanner and supports extensive vulnerability detection and analysis, enhancing efficiency in security management. Despite its strengths, users suggest improvements in cloud integration, cost-effectiveness, and installation processes. Faster scans, reduced false positives, and improved mobile testing features are also desired.

What are the key features of OpenText Dynamic Application Security Testing?
  • Scalability: Easily adapts to changing enterprise needs.
  • Ease of Use: User-friendly interface with guided scans.
  • Comprehensive Reporting: Detailed vulnerability analysis and reporting.
  • Integration Capabilities: Works with Fortify code scanner and user authentication scanning.
  • Wide Vulnerability Detection: Identifies extensive security vulnerabilities.
What benefits should users expect from reviews?
  • Efficient Vulnerability Management: Streamlines security management in development environments.
  • Detailed Analysis: Provides in-depth insights into security issues.
  • Quick Setup: Easy to deploy within existing systems.
  • Enterprise Preference: Supports enterprise environments efficiently.

In industries like BFSI, OpenText Dynamic Application Security Testing is employed for performance network application testing, dynamic and static application security testing, and code checks. Security and QA teams use it in development processes to ensure application security prior to release, proving integral in both enterprise and testing environments.

OpenText

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

Aaron's
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
OpenText Dynamic Application Security Testing vs. Veracode
December 2025
Free Report: OpenText Dynamic Application Security Testing vs. Veracode
Find out what your peers are saying about OpenText Dynamic Application Security Testing vs. Veracode and other solutions. Updated: December 2025.
DOWNLOAD NOW
881,757 professionals have used our research since 2012.
See our OpenText Dynamic Application Security Testing vs. Veracode report.
See our list of best Dynamic Application Security Testing (DAST) vendors.

We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.